From 733c9b1ae03c02054343763837df30df5a80a404 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Wed, 20 May 2026 23:11:14 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[CRITICAL]?=
 =?UTF-8?q?=20Fix=20LaTeX=20RCE=20and=20DoS=20in=20PDF=20generation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added missing `-no-shell-escape` flags and strict subprocess timeouts to `pdflatex` and `pandoc` commands in `PDFConverter` and `CoverLetterGenerator`. This prevents arbitrary code execution via LaTeX `\write18` and DoS attacks via compilation infinite loops.

Co-authored-by: anchapin <6326294+anchapin@users.noreply.github.com>
---
 .jules/sentinel.md                       |  5 +++++
 cli/generators/cover_letter_generator.py | 27 ++++++++++++++++++++----
 cli/pdf/converter.py                     | 25 ++++++++++++++++++----
 3 files changed, 49 insertions(+), 8 deletions(-)

diff --git a/.jules/sentinel.md b/.jules/sentinel.md
index 3a1d237..343ff47 100644
--- a/.jules/sentinel.md
+++ b/.jules/sentinel.md
@@ -7,3 +7,8 @@
 **Vulnerability:** The `CoverLetterGenerator` used a standard Jinja2 environment (intended for HTML/XML or plain text) to render LaTeX templates. This allowed malicious user input (or AI hallucinations) containing LaTeX control characters (e.g., `\input{...}`) to be injected directly into the LaTeX source, leading to potential Local File Inclusion (LFI) or other exploits.
 **Learning:** Jinja2's default `autoescape` is context-aware based on file extensions, but usually only for HTML/XML. It does NOT automatically escape LaTeX special characters. Relying on manual filters (like `| latex_escape`) in templates is error-prone and brittle, as developers might forget to apply them to every variable.
 **Prevention:** Always use a dedicated Jinja2 environment for LaTeX generation that enforces auto-escaping via a `finalize` hook (e.g., `tex_env.finalize = latex_escape`). This ensures *all* variable output is sanitized by default, providing defense-in-depth even if the template author forgets explicit filters.
+
+## 2026-05-20 - [Critical] LaTeX RCE and DoS in PDF Generation
+**Vulnerability:** The `PDFConverter` (`cli/pdf/converter.py`) and `CoverLetterGenerator` (`cli/generators/cover_letter_generator.py`) modules omitted the `-no-shell-escape` flag when invoking `pdflatex` and `pandoc`, allowing LaTeX templates to execute arbitrary shell commands via the `\write18` primitive (RCE). Additionally, the `subprocess.communicate()` calls lacked a strict timeout, making the application vulnerable to Denial of Service (DoS) attacks via infinite loops in malicious or buggy LaTeX code.
+**Learning:** Security parameters and protective mechanisms (like `-no-shell-escape` and timeouts) must be applied uniformly across all code paths executing external tools. Even if one module (`TemplateGenerator`) is secure, duplicated or refactored logic elsewhere can easily drop these critical safeguards, introducing severe vulnerabilities.
+**Prevention:** Always enforce the `-no-shell-escape` flag for `pdflatex` (directly) and `pandoc` (via `--pdf-engine-opt=-no-shell-escape`). Implement strict subprocess timeouts with explicit process cleanup (`process.kill()` and a second `communicate()`) to prevent zombie processes and DoS. Ensure these protections are centralized or rigidly duplicated across all PDF generation implementations.
diff --git a/cli/generators/cover_letter_generator.py b/cli/generators/cover_letter_generator.py
index aaf0b61..67cb0b7 100644
--- a/cli/generators/cover_letter_generator.py
+++ b/cli/generators/cover_letter_generator.py
@@ -771,12 +771,18 @@ def _compile_pdf(self, output_path: Path, tex_content: str) -> bool:
         try:
             # Use Popen with explicit cleanup to avoid double-free issues
             process = subprocess.Popen(
-                ["pdflatex", "-interaction=nonstopmode", tex_path.name],
+                ["pdflatex", "-interaction=nonstopmode", "-no-shell-escape", tex_path.name],
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
                 cwd=tex_path.parent,
             )
-            stdout, stderr = process.communicate()
+            try:
+                stdout, stderr = process.communicate(timeout=30)
+            except subprocess.TimeoutExpired:
+                process.kill()
+                stdout, stderr = process.communicate()
+                return False
+
             if process.returncode == 0 or output_path.exists():
                 pdf_created = True
         except (subprocess.CalledProcessError, FileNotFoundError):
@@ -787,11 +793,24 @@ def _compile_pdf(self, output_path: Path, tex_content: str) -> bool:
                 # Fallback to pandoc
                 try:
                     process = subprocess.Popen(
-                        ["pandoc", str(tex_path), "-o", str(output_path), "--pdf-engine=xelatex"],
+                        [
+                            "pandoc",
+                            str(tex_path),
+                            "-o",
+                            str(output_path),
+                            "--pdf-engine=xelatex",
+                            "--pdf-engine-opt=-no-shell-escape"
+                        ],
                         stdout=subprocess.PIPE,
                         stderr=subprocess.PIPE,
                     )
-                    stdout, stderr = process.communicate()
+                    try:
+                        stdout, stderr = process.communicate(timeout=30)
+                    except subprocess.TimeoutExpired:
+                        process.kill()
+                        stdout, stderr = process.communicate()
+                        return False
+
                     if process.returncode == 0 or output_path.exists():
                         pdf_created = True
                 except (subprocess.CalledProcessError, FileNotFoundError):
diff --git a/cli/pdf/converter.py b/cli/pdf/converter.py
index 0b0a200..7f2f733 100644
--- a/cli/pdf/converter.py
+++ b/cli/pdf/converter.py
@@ -86,12 +86,17 @@ def _compile_pdflatex(
         """
         try:
             process = subprocess.Popen(
-                ["pdflatex", "-interaction=nonstopmode", tex_path.name],
+                ["pdflatex", "-interaction=nonstopmode", "-no-shell-escape", tex_path.name],
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
                 cwd=working_dir,
             )
-            stdout, stderr = process.communicate()
+            try:
+                stdout, stderr = process.communicate(timeout=30)
+            except subprocess.TimeoutExpired:
+                process.kill()
+                stdout, stderr = process.communicate()
+                return False
 
             if process.returncode == 0 or output_path.exists():
                 return True
@@ -121,12 +126,24 @@ def _compile_pandoc(
         """
         try:
             process = subprocess.Popen(
-                ["pandoc", str(tex_path), "-o", str(output_path), "--pdf-engine=xelatex"],
+                [
+                    "pandoc",
+                    str(tex_path),
+                    "-o",
+                    str(output_path),
+                    "--pdf-engine=xelatex",
+                    "--pdf-engine-opt=-no-shell-escape"
+                ],
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
                 cwd=working_dir,
             )
-            stdout, stderr = process.communicate()
+            try:
+                stdout, stderr = process.communicate(timeout=30)
+            except subprocess.TimeoutExpired:
+                process.kill()
+                stdout, stderr = process.communicate()
+                return False
 
             if process.returncode == 0 or output_path.exists():
                 return True